Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

TheGift73 writes with news that the FBI is pushing a proposal to update old wiretap legislation so that modern web firms would be forced to build in backdoors to facilitate government surveillance. Quoting CNET:
"In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned. The FBI general counsel's office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly. ... The FBI's proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. The Federal Communications Commission extended CALEA in 2004 to apply to broadband networks."

Ive had reasons to dislike this government since I started thiking for myself. You think I am going to let them threaten me away from my familial homeland? Fuck them....stay here and be the resistance!

Ive had reasons to dislike this government since I started thiking for myself. You think I am going to let them threaten me away from my familial homeland? Fuck them....stay here and be the resistance!

Fuck that. If the populace keeps electing people who pass these laws, then representative democracy is working as it should. You don't withdraw your support from a government by "resisting". You lawfully withdraw your support from a government by expatriating (paying any required exit taxes on your way out

If only we had a representative democracy, I bet this wouldn't be a problem.

Actually I believe we do. What we are experiencing is the emotionally governed (mostly fear-based) decision-making by a majority of people who have become too fat, intellectually lazy*, naive, complacent, and unable to look beyond the immediate moment. If not for that, most of our politicians would be fearful for their careers. If not for that, we'd probably see third parties and/or write-in candidates win major federal elections at least once in a while.

These are the people who fear dying in a terrorist attack more than an ever-growing government that is hell-bent on reducing freedom. They do this even though they are more likely to die from being struck by lightning. They do this even though every or nearly every other out-of-control government in all of history has deteriorated into a hellishly oppressive state.

These are the people who buy into the "for the children" rhetoric without taking one moment to consider the kind of nation those children will grow up to inherit. If you care so much about children, then you also want them to know and love prosperity and freedom, not fear and restriction.

These are the people who will vote for the candidate with the best marketing campaign and the most catchy sound bites, rather than the candidate who expouses principles they know to be sound.

These are the people who actually admire petty, infantile figures like Kim Kardashian and care more about American Idol and professional athletes than they do about the future of their nation.

These are the people who can use something like a computer for five years or more without ever knowing more about how it works and how to maintain it than when they started out. If it's not strictly necessary in order to make money, they generally don't care to learn it.

The minority of us who have sense, principles, personal responsibility, love learning new things, celebrate wisdom, truly love freedom without confusing it with license, think critically, and have undone the damage that government schooling did (or tried to do) to their natural curiosity and joy of discovery, do not deserve the kind of government the majority wants.

I seriously do not blame anyone for wanting to expatriate. They are simply refusing to deny the direction in which things are moving. Many of them, like myself, have tried to provide a different message, tried to promote awareness, and found that it's generally not valued. If the majority wants to be fat, stupid, and emotionally immature, at some point you have to respect their wishes. What you don't necessarily have to do is reap what they have sown for themselves.

* "Stupid" if you like, because they do not love to learn new things though they are capable of it and have more access to knowledge now than ever before in all of history.

The problem with expatriation is there is almost literally no place to go that is not following in the foot steps of the progressively "hellishly oppressive states".

It's a like a friend of mine who is much older and believes we have a few years left till a worldwide collapse that will affect even the most basic functions of society. He says he will be going to a tropical island paradise....

Ummmm kay. What about the other 2 million old perverts who follow you? Me? I'll be going to middle of the most hostile parts of the planet that I can find with the most technology and resources that I can bring. Middle of Alaska, or the Four Corners. Someplace that is so ridiculously difficult to get to, that once you get there and can be self sufficient it practically guarantees that 2 million old perverts will not be following you, but maybe, maybe, less than a thousand die hard survivalists. I think the Four Corners has enough room for that.

So while expatriation sounds good, bloody, bloody revolution where you drag all the politicians and the senior FBI members out into the street, along with the 1% and Wall Street, and behead them French Revolution style will be more practical.

If anything, history demonstrates that is a repeating pattern. Like forest fires cleaning out the built up underbrush. Once in awhile, those that have attained power get fat, lazy, and forget about the "line" that can't be crossed. One day they look around and find themselves surrounded by pitchforks and torches and go, "Oh shit. We went too far dammit."

Fuck that. If the populace keeps electing people who pass these laws, then representative democracy is working as it should. You don't withdraw your support from a government by "resisting". You lawfully withdraw your support from a government by expatriating (paying any required exit taxes on your way out the door), and denying it the revenue stream from your future taxes.

The US has a very effective financial Berlin wall built around the country. American Citizens and Permanent Residents (Green Card holders) are taxed on the basis of their citizenship/residency, irrespective of where they live. Want to renounce your citizenship? Fine. You'll still be taxed for an additional 10 years.

Unless things have changed very recently, the US government allowed you to file a form informing them of the taxes you paid to your resident country and deduct that amount from your US taxes. If you lived in most of the civilised world, that meant you paid more than the US rate anyhow and had a US tax liability of $0.

You can do that, but it only covers your income up to $95,100 [about.com] annually; for anything above and beyond that, you'll have to pay U.S. federal income tax regardless of having paid any other taxes in your new country of residence.

I know this is going to sound over-the-top, but there's a scary notion in there.

In a world where warrants are an arcane idea from the distant past, and snatch-and-grab detention of US citizens without justification or trial is entirely legal, words like "resisting" or "taking-a-stand" could have some pretty serious consequences.

I'm not saying you shouldn't, or that you'll necessarily get black-bagged, but do appreciate what you're risking.

Not resisting and/or taking a stand also have serious consequences in a world where people who resist can be 'black-bagged'. When no one fights back, the oppressor just gets bolder and the oppression more universal.

If the government will black back you for fighting back, then you had every right and perhaps even a patriotic duty to fight.

If a person believes that their spouse will kill them if they leave, that's all the justification they need to leave. They have to take that chance, they have to leave and they have to fight back. Relenting or rolling over only guarantees you get hurt. Even if you die fighting back may at least stop them from hurting anyone else.

The same goes for the government. We're guaranteed to be oppressed if we stay quiet and do nothing. We may force them to reconsider if we fight back, if nothing every one of them we kill (yes, we're talking about killing them) is one more that can't hurt your neighbors, friends, family, enemies, people you have no connection to whatsoever, etc.

I know this is going to sound over-the-top, but there's a scary notion in there.

In a world where warrants are an arcane idea from the distant past, and snatch-and-grab detention of US citizens without justification or trial is entirely legal, words like "resisting" or "taking-a-stand" could have some pretty serious consequences.

I'm not saying you shouldn't, or that you'll necessarily get black-bagged, but do appreciate what you're risking.

While is may offend the sensibilities of the more effeminate members of slashdot, this is exactly why you should own a gun (or more than one) and know how to use it. Better to have a chance of taking some of the bastards down with you instead of being murdered without fighting back.

FUCK THEM. If we leave the US, another country will just start up with the same bullshit under the pretense they are providing security.

I will not code back doors into my system just so the FBI can watch me, and my clients, and their customers. If anything, it is forcing me and others to consider how we can become a "common carrier" for media. Plenty of data backup and data retention companies are embracing the paradigm of data being encrypted on the customer's premise and then stored redundantly in data centers. FBI demands a copy of my data from them? Go ahead. When you want the keys to decrypt it go to the customer and ask them.

It is an absolute violation of our privacy. I don't care if historically it had been easy to eavesdrop on citizens and alleged criminals because there was no security. Put bugs in their houses and actually do some footwork.

That is the problem. They have demonstrated beyond any doubt that they cannot be trusted with the power we have given them. Any doubt whatsoever.

They want backdoors? Fine. I'll give them a fucking front door and make it abundantly clear that I don't control the means of encryption. Customers do.

ZRTP, or endpoint-to-endpoint encryption will be the future of communications. Only in very specific applications do you need servers in the media path, and even then, you don't necessarily need plain audio. You can access functions and features available with out-of-band signalling that does not rely on the more traditional in-band signalling of touch tones in the past.

Those bitches in the FBI can bring it on.

Of course the logical conclusion is that the FBI will say that key escrow is required to provide safety and security to Americans. At that point I say let the bloody revolution begin.

Forget it, if you are having a degree that deals with a specialized field like IT, you are in a minority. The rest of the population won't stand up for you, unless you have something tangible to offer. I hear Linux doesn't quite have the market share for that.

Since you mention the familial homeland, I'm wondering whether Germany would allow Americans with a German ancestry back in, as it did with the Volga-Germans (http://en.wikipedia.org/wiki/Volga_Germans). They settled in Russia some 200 years earlier a

Let us be clear about the distinction between telephone wiretaps and the provisions of CALEA. Traditionally, to wiretap a telephone line you literally connected equipment to the line, which involves sending an officer into the field and can potentially tip off the target of the tap. CALEA requires phone companies to make automated tapping of some fraction of their lines possible, so that a line can be tapped invisibly and without anyone having to leave their desk.

No, I have no problem with traditional wiretapping; you can bet that I have a problem with CALEA. What the FBI is complaining about is that traditional wiretapping techniques are difficult to apply to the Internet, and thus they want CALEA-style tapping to be available. No thank you -- we do not need to expand the already vast surveillance infrastructure in this country, nor do we need to turn the Internet into a clone of Cable TV (i.e. a network where only large organizations can run servers legally).

The problem is not who is getting wiretapped, the problem is who and what is being obligated to support it. The original CALEA applied to AT&T. AT&T can figure out how to navigate a federal statute.

But now they're wanting to impose it on software. The last thing this country needs is laws that end up throwing J. Random Hacker at some university graduate program or tech startup in federal prison for publishing a new VOIP protocol without consulting a team of attorneys.

On top of that, the traditional phone network has crap for security. Any jackass with a lineman's handset can stand in front of your building and listen to your POTS telephone calls. Implementing wiretaps for that is easy because the phone company already has the cleartext, and it doesn't really make the security any worse than its current level of non-existence. By contrast, the way VOIP should be implemented is with end-to-end encryption -- but then the VOIP provider can't wiretap you, because they don't (by design) have access to the cleartext. Which is the only way to make it so that if the VOIP provider gets hacked, the infiltrators can't intercept your phone conversations.

Enshrining insecure designs into the law that allow foreign governments to conduct industrial espionage against U.S. companies is a bad idea.

There are plenty of good reason to treat them different. For one, back in the day, most criminals could not start their own telephone network. It would have been pretty much impossible to run a telephone system for any real distance without getting caught. The internet; however, has lowered the barrier significantly. It is fairly easy to run your own services. It would not even take that much capital. If you start wiretapping websites, emails, VOIP, etc., you will have a system that only has the ability to wiretap innocents and criminals that would probably been caught anyway through other means since they are idiots. The smart criminals would have no trouble at all avoiding such a system. Since almost nothing is gained, why risk the abuse of such a system? The internet is designed to be open and resilient not tappable. The only way to keep the criminals from starting their own services is to complete change the structure of the internet. Such a thought I am completely against.

While lack of trust in the government here is a primary issue, a bigger issue is the fact that with some many mandated government back-doors in communications software, it's going to be a field day for crackers to get access to things they never dreamed of. This sh*t deals to be dealt with directly, and NOW!

"I have lots to hide. Just because it is not illegal, unethical, or immoral does not mean I do not want to hide it.

I am also do not want to spend my time complying with this kind of regulation."

All of the above. If the FBI asked me to provide a "back door" to my service, I'm not sure whether I would just tell them "NO!", or give them the answer I more feel like giving them: "F**k Off And Die!"

You seem to forget how the US Government operates. The laws are passed and will go as far as they want them to go. Only later after someone has amassed enough support and money does the constitution and the question of how far have they gone come into play.

There is a third choice. When they ask immediately shut down the servers and replace them with a static page that tells your users why, along with contact information for the agents who gave the order. Then, tell them to fuck off and die. They can't jail you for refusing to provide back-door access to a service that no longer exists.

It only takes one big service the size of GMail doing that before riots break out.

FreedomBox [wikipedia.org] (which has been mentioned on Slashdot before) is working on it. Particularly, building a usable system with the vision that an average user could buy a cheap plug computer with FreedomBox's software installed, plug it in, and use it instead of the various centralized cloud and social services in use today. The software is based on Debian and combining existing tools along with new software and protocols to make it usable.

To solve the problem at hand, it is entirely sufficient to use end-to-end encryption, either public key or symmetric, it really doesn't matter. A decentralized solution without such encryption would only be slower without offering anything in terms of privacy. Those of us who use GPG with email are already reaping the rewards of secure communications, even as we assume that copies of our communications are made and kept for many years by many different parties.

I worked on CALEA and even for that, smaller telecoms were able to get exempted from this in-theory. I say in theory because even in areas of Alaska that only served 4000 people we submitted estimates for over $400K to update them and the FBI paid for it (shhh - don't tell any one - I did sign a NDA)...that aside, smaller sites can't possible be forced to pay for this and if you do, take a note from the CALEA play book - estimate very high and make a lot of proift.

Seems almost trivially easy to solve: pad the encoding (prior to encryption, so that the receiver can determine what is padding and what is actual speech) randomly. Tada, no more packet-size to speech correspondence (it will increase the data overhead, of course, but you can reduce that by padding "dead-space" when people aren't talking more than when they are).

Other than gathering data on connection times and destinations, frequencies, and statistical correlation techniques, I'd long assumed traditional wiretap is dead.

Am I incorrect?

If terrorists talk over Skype and it's important enough there are ways to decrypt or decode the conversations. At this point in time it;s expensive to do and the FBI wants to empower itself so it can do surveillance on the massive scale.

But there hasn't been a serious terrorist attack since 9/11. It's just not worth it to most of us to do this because there just aren't that many terrorists. It's the unintended consequences that people are concerned about, letting law enforcement use drones is bad enough and

MiTM. How do you know that you're establishing the connection with the person at the other end, and not just signing a stream with a different server or that your packets aren't being transparently intercepted and modified during the encryption setup phase?

Security has gotten so good these days that all the holes in security we used to defend against are now be mandated by government to be put back in! In all the genius lets put all our data at risk again. Provide a backdoor for one party on the Internet and you provide a backdoor for everybody. We need more attack vectors!

I get wanting to be able to monitor data, there is zero reason this should be easy however.

They always say they need this or that then want to pass the bill to the industry and consumer.

Second why do they need this? If it's to fight terrorism then I'm all for it but if it's to fight "drugs" and "crime" then I'm totally against it.

The FBI bill should be completely restricted to terrorism investigations only and not "crime" or "law enforcement" or "drugs", and no they shouldn't be allowed to use the "child porn" language to sneak "crime" and "drugs" in. The main reason the internet doesn't trust th

lol, ok, lets set up this huge system of spying to fight the terrorists......and lets say there aren't many terrorist out there so there's not much to do with the system......what does any self serving bureaucracy do?..

Labels things that were not considered terrorism as terrorism. Use encryption? Terrorist!, Don't pay your child support? Terrorist!. Visit a protest? Terrorist! Child porn is Terrorism! Drug users are Terrorists! The list never ends.

lol, ok, lets set up this huge system of spying to fight the terrorists......and lets say there aren't many terrorist out there so there's not much to do with the system......what does any self serving bureaucracy do?..

Labels things that were not considered terrorism as terrorism. Use encryption? Terrorist!, Don't pay your child support? Terrorist!. Visit a protest? Terrorist! Child porn is Terrorism! Drug users are Terrorists! The list never ends.

That is why the language has to be very specific. The language should identify exactly what terrorism is or isn't and what this surveillance can be used for. Otherwise I'm not going to support it. This trend of greatly trying to expand police powers and using extremely vague language in bills like "illegal activities" and "crime" is horrible for communities as anyone can be a criminal but most people aren't ever a terrorist.

Even if they did make the wording very narrow all it takes is a law later down the line that redefines drug trafficking as terrorism. I can see it being debated already:Insane Politician: "We need to use our SpyFest 3000 to crack down on drugs. Let's pass this law that extends it to cover drug traffickers."Reasonable Politician: "Uhm, no. SpyFest 3000 was an overreach when there was real, immediate, huge potential harm out there. Drug traffickers are better stopped by actual human intelligence instead o

It's useless. Criminals will just set up their own offshore servers, use encryption, dark nets you name it.

Meanwhile it isn't so much the abuses of CALEA that are the problem, but the lack of security. These things are basically backdoors to the network you live on, and let any old person with the keys (say a Chinese intruder) in.

Opposes SOPA/CISPA. Opposes warrantless wiretapes or backdoors into websites. - Just thought I'd point that out. - For all the hate directed at him in the other article, I think You and Paul are in 99% agreement on these topics.

If this goes through, does this mean that providers such as Comcast, Verizon, et al, who both provide the physical means of communications and who also offer the services described in the article, will now be treated as telecommunication companies, subject to all the rules and regulations therein?

If so, does that mean we can finally get competition for broadband without those companies wanting to charge exorbitant rates to competitors for line usage?

There's nothing in the Constitution that says we have to make invading our privacy easier on them. Already we are facing all our car's movements being trackable and now they want to make sure every form of communication is easily accessible. At what point does unreasonable search and seizure kick in? This almost ties into the TSA story. The Supreme Court needs to define "Unreasonable search and seizure" since the government seems to think ALL search and seizure is reasonable. Need I bring up drug forfeiture? You can take a tourist on a day fishing trip and if he has a brick of cocaine with him they seize your boat and the government feels that's reasonable even when you had no way to know without illegally searching your customer.

In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.

Do not accept any bill which contains overly broad or vague language. Be watchful of FBI objectives which claim to focus on "illegal activities" and "crime". Also be careful of emotional keywords like "kiddie porn" and "pedophiles".

When it comes to fighting terrorism I'm for the FBI. When it comes to fighting pedophiles I'm for the FBI. When it comes to fighting "illegal activities" and "crime" I'm not for the FBI because that isn't specific enough to give them broad powers. Since everyone is a criminal, if we empower them to fight "illegal activities" we are giving them the power to abuse entire communities in the name of combating "illegal activities" and "crime". The purpose of the FBI should be to protect communities, and we universally agree that terrorists and pedophiles are the bad guys regardless of our political stance on other issues.

We need bills which remove the political issues such as piracy, "illegal activities" and crime and focus more on terrorism and violence. If someone is a serial killer the FBI should be able to do a wiretap, but don't want to see the day when the FBI sees everything we do online and starts arresting people on piracy and other trivial offenses. Yes some people are going to say these offenses are economic crimes, but these offenses aren't good enough to put backdoors in every website.

Do you realize that every single domestic terror plot foiled by the FBI was created by the FBI?

I'm aware. But if someone is trying to talk you into bombing innocent people and you don't have a conscience about that or any reservations about loss of life then you're still a threat to society. I do understand that the FBI could trick people into saying stuff and every case is different, but I also recognize that there are real terrorists out there and this is the only way to catch them.

How do you catch the next abortion clinic bombing terrorist if you don't do a sting? If you have a better way of doing

Make it real easy for them to monitor what you are doing. Start CC'ing the head of the FBI on all your emails etc. and send him daily reports as to what you are doing as well as well. You should also sen this required data to the members that sit on the committees approving such a thing.

It should please you to know that all of my websites are already amenable to wiretapping, and my networks are all designed to allow you to insert your sniffer wherever you want. Please do note, however, that most of my internal support services communicate via the pDonkey protocol, where all data is encoded as a series of pictures of donkeys copulating.

It will be left to you to decode messages transmitted in this manner, as the protocol is intended to send a clear message to any eavesdro[ppers on our secure systems. The message is "Fuck you, jackass".

This could be a big win for open source. Are you concerned about your privacy? Then you'd better not be running proprietary mail or web software because the government backdoors are pre-installed (actually, they're probably there already today, but now you'll know for sure). Only if you're running open source will you be able to inspect the code yourself, verify that there are no government backdoors, or remove them if they are present. I'm sure the clever among us will even go as far as to send the FBI to a honeypot while directing private communications to the real servers.

If the FBI was actually able to hire the best and the brightest, then there would be no no need for a "wiretap-friendly" software. Social networking sites are the easiest. VoIP, IM, and E-mail is just a matter of Wireshark and the proper filters applied.

Maybe they need to put up some job advertisements on/.

They want to save money. It's not a matter of them being able to hire the best and brightest, they want to do it for free.

They're bureaucrats, they want something nice and official. File a piece of paper in triplicate, get a recorded conversation. Nothing too messy, error prone and work intensive. If you have to do the work and you fail, it's your ass but if it's nice and bureaucratic you can blame "the process."

This is legislation to make it legal, and they're talking about legislation to make it *required*... this has nothing to do with needing technical prowess. Right now, Facebook is able to tell them to shove it (not that they would) and they have to deal with it. This will not only preclude them from having to have the proper technical staff, but it will also allow them to not have to worry about breaking each new technology as it emerges.

The FBI operates on the "stupid crook theory," which basically states that there are no criminal masterminds out there, just idiots who will use systems with widely publicized law enforcement back doors.

The FBI operates on the "stupid crook theory," which basically states that there are no criminal masterminds out there, just idiots who will use systems with widely publicized law enforcement back doors.

Or, if you can't beat them at their own game, make them play yours [slashdot.org].